[Python-ideas] Should our default random number generator be secure?

random832 at fastmail.us random832 at fastmail.us
Wed Sep 9 19:46:09 CEST 2015

On Wed, Sep 9, 2015, at 13:18, Serhiy Storchaka wrote:
> Entropy -- limited and slowly recoverable resource (especially if there 
> is no network activity). If you consume it too quickly (for example in a 
> scientific simulation or in a game), it will not have time to recover, 
> that will slow down not only your program, but all consumers of entropy. 
> The use of random.SystemRandom by default looks dangerous. It is 
> unlikely that all existing programs will be rewritten to use 
> random.FastInsecureRandom.

http://www.2uo.de/myths-about-urandom/ should be required reading.

As far as I know, no-one is actually proposing the use of a method that
blocks when there's "not enough entropy", nor does arc4random itself
appear to do so.

More information about the Python-ideas mailing list